For generating random bit sequences, random bit generators are used which generate a random output bit sequence upon input of an input bit sequence.
When used for cryptographic devices and cryptologic algorithms, random bit generators are exposed to attacks in which protected data are to be manipulated or read out. With today's customary encryption methods, e.g., the Advanced Encryption Standard (AES), keys are used which, due to the key length of 128 bits or more, cannot be ascertained by “trial and error” (so-called brute force attacks) even when high-speed computer techniques are used. An attacker will therefore also investigate secondary effects of an implementation, such as the variation over time of the electric power consumption, the duration of the encryption operation, or the electromagnetic emission of a circuit during that operation. These attacks are referred to as side channel attacks since they are not aimed directly at the function.
These side channel attacks (SCAs) utilize the physical implementation of a cryptographic system in a device. The control unit having cryptographic functions is observed during the execution of the cryptologic algorithms to find correlations between the observed data and the hypotheses for the secret key.
Numerous side channel attacks are known, for example those described by Mangard, Oswald and Popp in “Power Analysis Attacks,” Springer 2007. A successful attack on the secret key of the AES is practically feasible, in particular with the aid of differential power analysis (DPA).
In a DPA, the electric power consumption of a microprocessor is recorded during cryptographic calculations, and traces of the power consumption are compared with hypotheses by using statistical methods.
Methods which make a DPA difficult intervene in the algorithm itself. In masking, the operations are carried out using randomly varied operands, and the random value is subsequently subtracted out again, which means that the random event has no effect on the result. Another possibility is so-called hiding, in which an attempt is made to compensate for high-low transitions through corresponding low-high transitions.
Random bit generators are required for various security-critical applications. Random values may be used in particular to shuffle the operations during encryption with the aid of the AES algorithm, or to additionally insert so-called dummy operations. This makes side channel attacks such as a DPA difficult because the operation to be attacked is carried out at randomly varying points in time. A plurality of measurements is then needed for a DPA to ascertain the secret key, which makes the attack difficult.
However, previous random bit generators are not themselves protected against a DPA. If an attacker initially ascertains the secret random numbers through a DPA attack, he is then able to attack the encryption algorithm itself by knowing these random numbers. Knowing the random numbers during shuffling and dummy operations makes it possible to determine the points in time relevant for a DPA attack.
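The shuffling and dummy operations described above, as an added C example that is not part of the original text: a byte-wise AES step (AddRoundKey) is executed in a random order mixed with dummy operations, and the result is unchanged. The xorshift32 generator, the function names and the test vectors are assumptions made for illustration; xorshift32 only stands in for the random bit generator and is not a secure source.

```c
#include <stdint.h>
#include <string.h>
enum { N_REAL = 16, N_DUMMY = 8, N_SLOTS = N_REAL + N_DUMMY };

/* Stand-in for the random bit generator (assumption: xorshift32, not secure). */
static uint32_t rbg_state = 1;
static uint32_t rbg_next(void) {
    uint32_t x = rbg_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rbg_state = x;
}

/* sched[t] = index handled in time slot t; 0..15 real bytes, 16..23 dummies. */
static void make_schedule(uint32_t seed, uint8_t sched[N_SLOTS]) {
    rbg_state = seed ? seed : 1;
    for (int i = 0; i < N_SLOTS; i++) sched[i] = (uint8_t)i;
    for (int i = N_SLOTS - 1; i > 0; i--) {            /* Fisher-Yates shuffle */
        int j = (int)(rbg_next() % (uint32_t)(i + 1)); /* modulo bias ignored */
        uint8_t tmp = sched[i]; sched[i] = sched[j]; sched[j] = tmp;
    }
}

/* Shuffled AddRoundKey: all slots run the same instruction, dummies hit scratch. */
static void add_round_key_shuffled(uint8_t *st, const uint8_t *key, const uint8_t *sched) {
    volatile uint8_t buf[N_SLOTS] = {0};
    for (int i = 0; i < N_REAL; i++) buf[i] = st[i];
    for (int t = 0; t < N_SLOTS; t++) buf[sched[t]] ^= key[sched[t] % N_REAL];
    for (int i = 0; i < N_REAL; i++) st[i] = buf[i];
}

/* Returns 1 if the shuffled run equals the in-order run (constructed vectors). */
int shuffled_matches_reference(uint32_t seed) {
    uint8_t key[16], ref[16], st[16], sched[N_SLOTS];
    for (int i = 0; i < 16; i++) {
        key[i] = (uint8_t)(0xA5 ^ (17 * i)); st[i] = (uint8_t)(3 * i + 1);
        ref[i] = (uint8_t)(st[i] ^ key[i]);
    }
    make_schedule(seed, sched);
    add_round_key_shuffled(st, key, sched);
    return memcmp(st, ref, 16) == 0;
}

/* Time slot of a state byte: fully determined by the generator's output. */
int slot_of_byte(uint32_t seed, uint8_t byte) {
    uint8_t sched[N_SLOTS];
    make_schedule(seed, sched);
    for (int t = 0; t < N_SLOTS; t++) if (sched[t] == byte) return t;
    return -1;
}
int main(void) { return shuffled_matches_reference(1) ? 0 : 1; }
```

Because `slot_of_byte` is a pure function of the generator's output, the hiding provided by shuffling is only as strong as the secrecy of those random values.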